gabriel rosenkoetter on Mon, 27 May 2002 17:10:23 +0200


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] perl passwd locking


On Sun, May 26, 2002 at 03:08:39PM -0400, Fred K Ollinger wrote:
> My scripts all work out of cron and work flawlessly, but someoneo pointed
> out that I was asking for a race condition which would hose the passwd
> file if another process tried to access passwd file at the same time.

Yep, any time you set this up to work both ways, you're asking for
trouble. The similar mechanism (no Perl, just Bourne shell, and
rsync over ssh with a no-passphrase DSA key for root did most of the
leg work) I've used in the past enforces changing passwords on the
master machine.

> The debian shadow source code makes use of a c-interface for passwd
> locking, but I can't find any perl interface in cpan nor anywhere else. Is
> there such a util for passwd locking in perl? I will write one if I need
> to, but I'd rather save the work instead of reinventing the wheel.

You didn't say what mechanism Debian used for file locking on passwd
and shadow, but:

cpan> i /flock/
Distribution    B/BI/BILLH/File-FlockDir-1.02.tar.gz
Distribution    M/MU/MUIR/modules/File-BasicFlock-98.1202.tar.gz
Distribution    M/MU/MUIR/modules/File-Flock-101.060501.tar.gz
Module          File::BasicFlock (M/MU/MUIR/modules/File-BasicFlock-98.1202.tar.gz)
Module          File::Flock (M/MU/MUIR/modules/File-Flock-101.060501.tar.gz)
Module          File::FlockDir (B/BI/BILLH/File-FlockDir-1.02.tar.gz)
Module          File::ManualFlock (Contact Author Bill Catlan <wcatlan@cpan.org>)
Module          IO::LockedFile::Flock (R/RA/RANI/IO-LockedFile-0.21.tar.gz)
Module          Mail::Box::Locker::Flock (M/MA/MARKOV/Mail-Box-2.013.tar.gz)
9 items found

chances are decent it's that.

In any case, you never want to write directly to /etc/passwd or
/etc/shadow; a poorly timed power outtage and you're completely
screwed. You want to write over a tmp file, and then mv that over
the original.

-- 
gabriel rosenkoetter
gr@eclipsed.net

Attachment: pgpAM3mpyxPv1.pgp
Description: PGP signature